If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Vista, Leopard and Linux Square Off in Hacking Contest

OS Hacking Contest

Vista, Leopard and Linux Square Off in Hacking Contest

Will the most secure OS please stand up? Mac OS X, Windows Vista, and Linux are set to go head-to-head in a "ethical" hacking contest to determine which system is more secure. The CanSecWest security conference, which takes place next month in Vancouver, was the source of last year's Hack-a-Mac contest. This year's competition has expanded to include other operating systems, but repeats the "PWN to Own" theme with this year's giveaway consisting of several laptops.

Last year’s contest was limited to OS X and the prize was shared by security researchers Dino Dai Zovi and Shane Macauley who used a zero-day in QuickTime to successfully compromise a Macbook Pro. The flaw was subsequently found to affect Windows as well and was later patched by Apple.

As you might expect, the cross-platform angle for this year’s contest is already starting some serious, and many would argue, pointless, OS wars. Dragos Ruiu, organizer of this year’s CanSecWest security conference in Vancouver, tells CNet that “the fur is flying right now about which is more secure—Linux, Vista, or Leopard,”

This year’s conference so far lacks a sponsor and the particulars of the laptop giveaway haven’t been announced yet, but Ruiu promises they will be “new and thrilling.”

Ruiu also tell CNet that “it is possible that the nature of the contest could still change,” though he doesn’t offer any details. As you may recall, last year’s contest generated some controversy when the organizers were forced to change the rules slightly to allow the hack to include user actions — visiting a malicious webpage for example — something that wasn’t part of the original challenge.

Critics also claim that hacking contests like this one are a bad idea since the vulnerabilities are generally revealed before vendors have been notified, thus putting users at risk unnecessarily.